this post was submitted on 11 Oct 2024
37 points (95.1% liked)

Cybersecurity

5683 readers
69 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] jacksilver@lemmy.world 12 points 1 month ago (1 children)

To be honest, it actually does sound like a reasonable and security focused change. It basically looks to take a more zero trust kind of approach in regards to admin elevation.

[–] BearOfaTime@lemm.ee 5 points 1 month ago* (last edited 1 month ago) (1 children)

UAC is a bandaid for a lack of proper local user account management. I never see it in Enterprise, nor on my home machines, as users have appropriate permissions, with admin being tightly controlled. (To be honest, I just turn it off on my home machines, run as a user, and if I need admin I switch accounts).

This really only affects home users who like to run as admin all the time (about 98% of us, I've been guilty of it most of my career).

I get it, I just don't see it really being a significant risk (this is related to a hack published perhaps a week ago where an attacker, could, potentially, maybe, gain admin by timing the attack perfectly during an install, but only on specific machines).

[–] jacksilver@lemmy.world 1 points 1 month ago

I'd take your word on it, OS level security is not my forte. The main thing I was calling out is that the change seems to be looking to actually fix an issue and not limit control, as the original commenter seemed to imply.